Questions about DHT, cryptography, and security

Would love to read some of your discussions / findings!

Good reputation systems that keep the individual in control are key to new forms of currency. Yet they are super tricky to design in a way that they can’t be exploited.

I myself still have a lot of questionmarks in my head. Would be super interesting to see some different angles.

2 Likes

Sure, @jakob.winter - as a starting point have you checked out our stuff on our website/gitbook?

@pauldaoust Quick question:
What digital signature scheme is holochain using again? Have holochain ever consider using Schnorr signature scheme?

I read that many cryptographers consider the Schnorr signature scheme to be the best in the field, as its mathematical properties offer a strong level of correctness, it doesn’t suffer from malleability and is relatively fast to verify.

As its best-known benefit in the context of Bitcoin, Schnorr’s “linear math” allows for signature aggregation: several signatures in the same transaction can be combined into one. A similar trick could be applied to multisig transactions. Combining both public keys and signatures into “threshold public keys” and “threshold signatures,” a multisig transaction can be made indistinguishable from any regular transaction.

And the signature scheme can be used in even more interesting ways. For example, it’s possible to use data to “tweak” both a private key and a public key. As a simplified example, a private key and its corresponding public key could be tweaked by multiplying both by two. The “private key x 2” and the “public key x 2” would still correspond, and the “private key x 2” could still sign messages that could be verified with the “public key x 2.” Anyone unaware that the original key pair was tweaked wouldn’t even see any difference; the tweaked keys look like any other key pair. Schnorr signature scheme is gioing to be use in Taproot for Bitcoin.

Any thoughts about Schnorr signature scheme and if it may be useful to holochain’s context? Thanks in advance!

@Sol We’e using Ed25519 signatures, which apparently uses a variant of the Schnorr signature algorithm (I knew what scheme we were using, but didn’t know it was related to Schnorr signatures).

2 Likes

Great! And its good to see the usage of Ed25519 signature and it’s performance and security properties. I learn something again! Actually, holochain really should publish these educational details to community. Many comprehensive details are in the forum but not neccesarily everyone from community comes here to read.

3 Likes

yeah, we’ve got a bandwidth problem for sure. So many articles to write, so little time :slight_smile: That was part of the reason we created the forum — so that at least people can discover these conversations while we’re looking for enough free time to write this sort of article :slight_smile:

4 Likes

I really have to say i am glad you remain with the team still! I wouldnt have as much confidence in holochain/holo without you answering most of my annoying questions over a long period of time. I always walk away feeling i learned new things!

Indeed, so many good stuffs in the forum. Really just not sure the majority of the community even have patience to research and go through all the topics in the forum.

4 Likes

Ha ha! Thanks, man. You ask a lot of intelligent questions which sharpen my explaining game by forcing me to learn about new things :wink:

5 Likes

hey all @PekkaNikander @pauldaoust @mwl @sidsthalekar

i have been reading up the concepts of mutual credits and it’s use in practice by Sardex, Swiss WIR for decades. I’ve re-visited your comments made above on mutual credits and i think i understand all of them now. :slight_smile:

I do have a question though. Been reading holo fuel paper and thre is a passage there:

“1) There is no change in active supply when an account with a positive balance transfers to another positive account.
2) Same is true for a negative balance to negative balance.
3) It is when someone spends their account into a negative balance while paying someone with a positive balance that the supply of credits in active use expands.
4) And it is when a person with a positive balance spends to someone in the negative that the supply of credits in active use contracts.”

I fully understand point 1-3. But still dont get point 4.
Can anyone explain point 4 with examples how a person with a positive balance spends to someone in the negative that the supply of credits in active use contracts works? Thanks in advance!

@pauldaoust i saw that you are still active on the forum recently. So, i thought i could give a quick ping to you if you could advice on my qns above? :slight_smile:

I’ll give it a shot:

Its pretty simple, really, when you keep in mind, that the total sum of all account balances is always zero.

Its easier to see, when we just have three accounts in our example. We begin with the accounts of Alice, Bob and Charlie all being at zero:

Now Alice buys a bicycle from Bob. So she owes him for that. To reflect this dept, she transfers 100 Hf to Bob. Her account goes down 100 Hf (into the minus) and Bob’s account goes up 100 Hf. In effect, 100 Hf have been created!

The overall amplitude - in both directions (positive / negative) is 100 Hf. But the sum of all accounts is still zero. The amplitude shows how much imbalance is in the system; imbalance meaning: someone is still owing someone else.

Now Bob buys a new pair of shoes from Charlie. His account goes down by 50 Hf, while Charlie’s goes up by 50 Hf. Notice that the overall amplitude has not changed, since none of their accounts were negative. The positive balance was just divided between their two accounts. Therefore no new Holo fuel has been created!

And finally, Charlie buys a nice bottle of Gin from Alice’s distillery. So he transfers 50 Hf to her account. Those positive funds from Charlie’s account reduce Alice’s negative balance by half. If you count all balances above zero and all balances below zero, you’ll see that the amplitude has reduced to 50 Hf. Therefore, by a positive account (Charlie) transfering to a negative account (Alice), Holo fuel has been destroyed.

I hope this explanation made it a bit clearer.

5 Likes

@jakob.winter wow, thanks so much for the explanation. You make it sounds so simple :slight_smile: Another step towards me fully internalizing different aspect of mutual credits. I have high hopes of seeing holo fuel as the very 1st crypto mutual credit currency backed by hosting capacity creating a paradigm shift and change in thinking by the wider crypto community in 2020/2021.

2 Likes

@artbrock @pauldaoust this is part of the “immune system” of an agent/dht to ensure every public entry have the required amount of redundancy level?

If let say the redundancy level is 25, but for some reasons, 5 nodes carrying a particular tx drop out of the network, the author will be notify of this? Does the author need to regularly and specifically check with every nodes that had signed the tx (against some tx signature aggregation list?) whether they keep the data?

If not, they republish to 5 more nodes to validate/store? And the signature aggregation list get updated? And in future, the author will continue the process of checking against the updated (and bigger) list to ensure required level of redundancy?

I can imagine if every author is doing this process continuously for all their txs, wouldn’t this be very taxing to the network’s resources?

1 Like

Thanks, Sol. I was half way through writing my explanation, when I realized that it would be so much easier to understand visually (even made it clearer to myself) :slight_smile:

2 Likes

Yeah, visuals or infographics or with tables (to do comparisons) are really helpful to allow one to understand concepts easier. Somehow, it is better for the brain to process compared to just words alone! :slight_smile:

@jakob.winter I love these illustrations; they’re both beautiful and really effective at explaining complex things in simple ways. Thank you for sharing them!

@sol as I understand it from re-reading Art’s response, the periodic republishing of my own data would be to make sure that the DHT, as I see it, knows about my data. I can see these scenarios:

  1. The neighbourhood that should hold my data already holds it to the expected resilience factor. In this case, I can get back my entry from the DHT and all is well. (Note: when Holochain’s vision of resilience is fully implemented, FWIU it won’t simply be “if R = 10, then 10 nodes should be holding this entry” – it should be more like “if R = 10, and my neighbours and I are only online 50% of the time, then 20 nodes should be holding it”. That would be determined by having neighbours check each other’s uptime from time to time, I think – and maybe also doing random spot-checks on individual entries to see if live nodes have failed to hold entries that were gossiped to them.)
  2. The neighbourhood holds my data, but not to the resilience factor (either because some of them are offline and the DHT hasn’t ‘healed’ the resilience of the data, or because malicious nodes are dropping the data). Asking for my entry might fail or it might succeed. If it succeeds, it’s likely then that the neighbourhood is already trying to repair resilience and weed out unreliable nodes. If it fails, republishing should help the remaining good nodes to find the data they missed.
  3. I’m actually being eclipsed by malicious gossip peers, and I can’t see the ‘real’ DHT at all. In this case, I’ve got bigger problems and republishing won’t help. Better bootstrapping can help prevent this in the first place.

FWIU the big burden will be on the peers that hold the data to repair resilience for an entry, not the author. But having the author republish their entries could help.

Now that, I don’t know, and I’m curious about that myself. Whose job is it to collect validation signatures? Does the signature list change over time? I’m not sure.

I imagine so. We’d have to find a balance between resilience and speed.

2 Likes

@pauldaoust thanks so much for the info and views including those you are not sure.

@artbrock able to advice on mine’s and paul’s feedback on above posts? Especially the part on if “immune system” were to work, there will be a lot of constant monitoring needed to make sure redundancy of every txs are always at certain level?

How do you ensure a balance of data availability/resilience while still being resource efficient and high performance?

I’m jumping the gun here, because I’d like to hear Art’s answer, but my first thought is “just try something” – in other words, make some assumptions, create a test for them, and see how things perform in real life. It’s likely to be different for every DNA (and even different neighbourhoods within a DHT), so a strategy that adapts to current conditions is probably the best course.

2 Likes

Me too :slight_smile:
I would want to know specifically their approach for their flagship happs - holo and holofuel.

Hey guys. Speaking on “reputation currencies” on holochain - i actually came across this article on a protocol call “Erasure” which allows exchanging valuable information on the internet.

It’s core premise are both producer and consumers stake something of value (a token in this case) to ensure information given by producers are of high quality and request for information by consumers are of genuine intent and serious.

This allows “skin-in-the-game” with direct benefits for high quality service and costs for bad intentions. And then the blockchain facilitate transparency, storing of txs by actors and issuing out reputation scores.

I know in holochain’s mutual credit/agent-centric/not everyone store all information’s design context - a person with bad reputation probably may face loss of or less business or credits extended to him thereafter.

But does holochain’s design actually allows “staking”? Meaning locking of “capital/value” upfront for certain promise to deliver and if unable to deliver, face upfront cost of his locked “capital/value”?

Article here fyi. It’s a good read: https://www.placeholder.vc/blog/2020/4/9/erasure